8728e6a252a6831f67662c898943881e43bf2f7b931cfe9302c3f1886ad98f13

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HookerV2.pyc
Size

42KB
MD5

5fcfc9b2ff8243289511503c02461da2
SHA1

b93ea142ed4429fd6c5965d803660bdd8f15cd56
SHA256

2bf94e6cd95c5dca6a01437f9efce609a1f299b5a7101b804c01f225f664f2bb
SHA512

4ecf1b1bf9d20d96625fb6dc7546137b674c240e865a20a4817c567f82bda4d361b09624a632bb67b5e164bc1a153cec36dc7a6b63b49ccaa523cee864e38ebd
SSDEEP

768:Ybn2jsGnIavohhLzQ2LK4QRb8xn4gujfLc8WK8BM+oaSixrx2YpV6o2LHksz:Yb2jsGnbwhA4QRb8x4xHcCAM+PSiH2YU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3628	OpenWith.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\HookerV2.pyc
1⤵
- Modifies registry class
PID:412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3720 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...